4 Commits

Author SHA1 Message Date
developer 660044559c Merge pull request #4: cleanup after host-mode runner
Deploy · Dev / deploy (push) Successful in 28s
Tests · Go / test (push) Successful in 1m41s
Tests · Integration / integration (push) Successful in 1m45s
Tests · UI / test (push) Successful in 2m14s
Drops the docker-in-docker workarounds (GIT_SSL_NO_VERIFY env, GeoIP image bake, playwright --with-deps) now that act_runner executes jobs natively on the host.
2026-05-14 04:31:27 +00:00
Ilia Denisov 9135991887 ci/ui-test: drop --with-deps now that runner is host-mode
Tests · Go / test (pull_request) Successful in 2m6s
Tests · UI / test (push) Failing after 2m32s
Tests · Integration / integration (pull_request) Successful in 1m52s
Tests · UI / test (pull_request) Successful in 2m3s
`playwright install --with-deps` shells out to `sudo apt-get install`
for the system libraries that headless browsers need. In a job
container that runs as root this is silent; on a host-mode runner the
non-interactive sudo prompts for a password, fails three times, and
the step exits 1.

Drop --with-deps. The system .so libraries are installed once on the
host via `pnpm exec playwright install-deps` (or the equivalent
apt-get incantation); workflow runs only need to fetch the browser
binaries themselves, which live under the runner user's home and
need no privilege.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 01:59:45 +02:00
Ilia Denisov bb74e3336e dev-deploy: restore GeoIP bind-mount, drop image bake
Tests · Integration / integration (pull_request) Successful in 2m14s
Tests · Go / test (pull_request) Successful in 2m19s
Tests · UI / test (pull_request) Failing after 51m17s
With the runner in host-mode, compose bind-mount paths resolve to
real host paths the Docker daemon can see, so the GeoIP file no
longer needs to be baked into the backend image to survive CI. Bring
back the bind-mount of `pkg/geoip/test-data/.../mmdb`, matching how
local-dev sources it. Image now only carries the backend binary,
symmetric with the production `backend/Dockerfile`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 01:04:11 +02:00
Ilia Denisov 4a88b24f4b ci: drop GIT_SSL_NO_VERIFY now that runner is host-mode
The act_runner now executes jobs natively on the host (no per-job
container), so actions/checkout uses the host's system CA store,
which already trusts the host-Caddy root CA. The workaround that
disabled TLS verification for `git fetch` is no longer needed and
just hides legitimate cert issues if they ever appear.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 01:04:11 +02:00
7 changed files with 9 additions and 50 deletions
-6
@@ -24,12 +24,6 @@ on:
- '.gitea/workflows/dev-deploy.yaml'
- '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs:
deploy:
runs-on: ubuntu-latest
-9
@@ -30,15 +30,6 @@ on:
- '.gitea/workflows/go-unit.yaml'
- '!**/*.md'
env:
# The Gitea host serves https://gitea.iliadenisov.ru with a cert
# signed by host-Caddy's internal CA. The runner-image's CA bundle
# does not include that root, so actions/checkout fails on `git
# fetch`. Disabling SSL verify is acceptable for this LAN-only
# infrastructure; the long-term fix is to mount the Caddy root CA
# into the runner image.
GIT_SSL_NO_VERIFY: "true"
jobs:
test:
runs-on: ubuntu-latest
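Review bot: The comment block removed above `GIT_SSL_NO_VERIFY: "true"` was the written rationale for the CA trust requirement, and the other workflows pointed to it with "See go-unit.yaml for the rationale". After this hunk nothing in these workflows says that the runner host's system CA store must trust host-Caddy's internal root, so a rebuilt runner will fail at `git fetch` and the quickest fix someone finds will be to put the variable back. Suggest recording the prerequisite in the runner setup documentation, or as a one-line comment here, and stating that disabling verification is not the accepted fix.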
-6
@@ -37,12 +37,6 @@ on:
- '.gitea/workflows/integration.yaml'
- '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs:
integration:
runs-on: ubuntu-latest
-6
@@ -21,12 +21,6 @@ on:
- '.gitea/workflows/prod-build.yaml'
- '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs:
build:
runs-on: ubuntu-latest
+8 -7
@@ -16,12 +16,6 @@ on:
- '.gitea/workflows/ui-test.yaml'
- '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs:
test:
runs-on: ubuntu-latest
@@ -51,8 +45,15 @@ jobs:
run: pnpm install --frozen-lockfile
- name: Install Playwright browsers
# `--with-deps` would shell out to `sudo apt-get install` for
# the system .so libraries, which the host-mode runner cannot
# run non-interactively. The host has the deps installed once,
# globally; we only need to fetch the browser binaries here.
# If a future run fails with missing libraries, install them
# on the host via `pnpm exec playwright install-deps` (one
# shot, requires sudo).
working-directory: ui/frontend
run: pnpm exec playwright install --with-deps
run: pnpm exec playwright install
- name: Run Vitest
working-directory: ui/frontend
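Review bot: In the new comment on the "Install Playwright browsers" step, the fallback "If a future run fails with missing libraries" leaves detection to a browser launch error partway through the test run. The browser binaries are fetched per run by `pnpm exec playwright install`, while the system libraries are installed once on the host, so the two can drift when the Playwright version is bumped. Suggest saying in the comment that `pnpm exec playwright install-deps` has to be rerun on the host after a Playwright upgrade, and that an administrator should run it there rather than the runner user being given passwordless sudo.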
+1 -5
@@ -125,11 +125,7 @@ services:
target: ${GALAXY_DEV_GAME_STATE_DIR}
bind:
create_host_path: true
# The GeoIP database is baked into the backend image (see
# tools/local-dev/backend.Dockerfile); a bind-mount is not used
# here because the source path resolves inside the runner
# workspace volume and the host Docker daemon cannot see it,
# which produced an "is a directory" error in CI.
- ../../pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb:/var/lib/galaxy/geoip.mmdb:ro
networks:
- galaxy-internal
healthcheck:
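Review bot: The added short-syntax mount `- ../../pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb:/var/lib/galaxy/geoip.mmdb:ro` depends on that file existing on the host at deploy time. With short syntax a missing source path is created as a directory, which would bring back the "is a directory" error the removed comment described whenever the test-data checkout is absent or incomplete. Suggest the long form already used for the mount above, with `create_host_path: false`, so a missing file fails the deploy with a clear error instead.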
-11
@@ -24,16 +24,6 @@ COPY pkg/transcoder/ ./pkg/transcoder/
COPY pkg/util/ ./pkg/util/
COPY backend/ ./backend/
# Bake the GeoIP test database into the build context so downstream
# stages can copy it into the runtime image. The path is the
# `MaxMind-DB` git submodule under `pkg/geoip/test-data/`; the file is
# the smallest country DB MaxMind publishes and is what every other
# dev-stack uses. Baking it lets dev-deploy skip the bind-mount that
# fails on runner-workspace volumes the host Docker daemon cannot see.
RUN mkdir -p /out/var/lib/galaxy
COPY pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb \
/out/var/lib/galaxy/geoip.mmdb
RUN <<'EOF' cat > go.work
go 1.26.2
@@ -77,6 +67,5 @@ EXPOSE 8080
EXPOSE 8081
COPY --from=builder /out/backend /usr/local/bin/backend
COPY --from=builder /out/var/lib/galaxy/geoip.mmdb /var/lib/galaxy/geoip.mmdb
ENTRYPOINT ["/usr/local/bin/backend"]
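Review bot: With the `COPY --from=builder /out/var/lib/galaxy/geoip.mmdb /var/lib/galaxy/geoip.mmdb` line removed from the runtime stage, the image has no GeoIP database unless the caller mounts one at `/var/lib/galaxy/geoip.mmdb`. The compose file in this change does that, but any other consumer of this image would start without the file. Suggest a comment next to `ENTRYPOINT` stating that the database must be mounted at that path, and confirming that the backend exits with a clear error when it is missing.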